CVE-2024-7587 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2024-7587?

CVE-2024-7587 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-7587?

Check the references section above for vendor advisories and patch information. Affected products include: Iconics Genesis64, Mitsubishielectric Mc Works64.

Vulnerability Description

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Iconics	Genesis64	<= 10.97.3
Mitsubishielectric	Mc Works64	-

Related Weaknesses (CWE)

CWE-276

References

https://jvn.jp/vu/JVNVU95548104MitigationThird Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01Third Party AdvisoryUS Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-008_en.pdfVendor Advisory

FAQ

What is CVE-2024-7587?

CVE-2024-7587 is a vulnerability with a CVSS score of 7.8 (HIGH). Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Soluti...

How severe is CVE-2024-7587?

CVE-2024-7587 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-7587?

Check the references section above for vendor advisories and patch information. Affected products include: Iconics Genesis64, Mitsubishielectric Mc Works64.